Privacy

Derbyshire healthcare NHS Foundation Trust Privacy policy

ABOUT THIS PRIVACY POLICY

Derbyshire Healthcare NHS Foundation Trust (the “Trust”) is committed to protecting the privacy of its users.

This privacy policy (the “Privacy Policy”) explains our policy regarding any personal data that you might supply to us (or that might be collected from you or received about you) when you visit our website or use certain services offered via the website (“Information”). The Information shall be used in accordance with the permissions granted by you and in accordance with GDPR and the Data Protection Act 2018.

Please note this Privacy Policy does not apply to your communications with any third party.

DATA PROCESSORS

The Trust works with a number of authorised third-party partners, in order to deliver the services described on the Website and such authorised third-party partners are data processors (“Data Processors”) for the purposes of the Act.

DATA CONTROLLER

Derbyshire Healthcare NHS Foundation Trust is the data controller (“Data Controller”) for the purposes of the Act and can be contacted at Ashbourne Centre, Kingsway Site, Derby, DE22 3LZ. The Trust is registered with the ICORegistration number: Z8416831Date registered: 04 March 2004Registration expires: 03 March 2019

OUR COMMITMENT TO PROTECTING YOUR PRIVACY

The Trust is committed to protecting your privacy. You can visit all pages on the website without asking for any information. We do not automatically store or collect any personal information about our visitors, neither do we store nor collect personal information from other sources, such as public records or private organisations.

We do collect information from the technology that is used to view our site which we use to analyse trends and administer the site. The data collected to enable us to do this is anonymous and does not identify you as an individual.But sometimes the Trust does need Information to provide the services that you request. This document is designed to give you a clear explanation of the Trust’s data processing policies. Please see below for further information. If you have any questions or concerns relating to the Trust’s use of your Information and/or data protection, please contact the Data Controller at our registered office address above. By using the website you consent to Derbyshire Healthcare NHS Foundation Trust’s collection and use of your Information as described in this Privacy Policy. If we change this Privacy Policy we will post an updated version of this Privacy Policy on the website to keep you aware of what Information is collected, how it is used and under what circumstances we may disclose it.

INFORMATION COLLECTED

You may send us or we may ask you or we are sent via a third party or we may create the following Information:

General information about yourself (such as your personal or professional interests, your experience of our services and products or other services and products and your contact preferences);

Photographic and/or video materials featuring your name and likeness that you may post to our website or social media;

In the event that you apply for a job with the Trust, we will require further professional Information about your by way of a job application or your Curriculum Vitae; and

Special category data which is more sensitive, and can include your health, ethnicity, religion, sexual orientation, disability and biometric data including images.

The Trust may also collect certain information about your computer hardware and software, this includes:

Your IP address;

Browser type;

Operating system;

Access times; and

Referring website addresses

The Trust may, in limited circumstances, disclose your Information to third parties.These third parties may be other health care providers who will assist with patient care;

In the event that you apply for a job with the Trust we may share your Information with third-party agents whom we use to assist us in the recruitment process;

A third party or parties may be involved if the Trust is under a duty to disclose or share your Information to comply with any legal obligation or in order to enforce or apply the Trust’s terms and conditions and other agreements or protect the rights, property, or safety of our patients, staff, or others. This includes exchanging information with other companies and organisations for fraud protection.

HOW YOUR INFORMATION IS USED

The Trust and/or our partners may use your Information in the following ways:

To provide a health care service where necessary including safeguarding;

To ensure that the content on our website is presented in the most effective manner for you and your computer;

To enable you to use the interactive features of our website;

To contact you as members or interested parties;

For our internal record keeping;

To contact you to answer any queries you may have;

In the event that you apply for a job with The Trust we will use any Information you submit by way of a job application or your Curriculum Vitae solely to assess your suitability for employment by us and to carry out any subsequent interview process.

When your information is used we will use one or more of the following legal bases:

Where you have provided CONSENTWe may use and process your personal information where you have consented for us to do so for the following purpose:

to supply information about the Trust, its activities, reports and news.

Your data will not be passed, sold or given to any third parties for the purposes of marketing. You may withdraw your consent for us to use your information in any of these ways at any time. Please see the “Withdrawing your consent” Section.

Where required to perform a CONTRACT with youWe may use and process your personal information where it is necessary for the performance of a contract with you or in order to take steps at your request before entering into a contract with you including for the following purposes:

As members of staff;

As members of the Trust;

As contractors and sub-contractors

Where it is in your VITAL INTEREST

We may use your personal information without your consent if we otherwise reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you. It is in your vital interests for us to use your personal information in this way.

Where required to comply with our LEGAL OBLIGATIONS

We will use your personal information to comply with our legal obligations including: (i) to assist HMRC, to prevent and detect fraud, to secure the effective and efficient delivery of NHS and related services, for benefits and tax administration and as part of an appeal. (ii) to identify you when you contact us; and (iii) to verify the accuracy of data that we hold about you.

Where there is a LEGITIMATE INTEREST

The Trust will not be using legitimate interest as a basis for using your personal information.

As part of our PUBLIC TASK

We will use your personal information as necessary for the performance of a task carried out in the public interest and in the exercise of official authority. The Trust may also use your personal information to conduct research. The official authority is the Health and Social care (Community health and Standards) Act 2003. Your health data will be processed by the Trust using this legal basis.

Special categories of personal data

Personal data concerning health is a special category of personal data. The Trust will use your personal data under a special part of the new law: Article 9(2)(h) which includes “medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems”.

The Trust will also use your personal information containing health for reasons including:

Waiting list management

Performance against national targets

Activity monitoring

Local clinical audit

Production of datasets for commissioning purposes and national collections

Responding to a public health emergency

The Trust might also use special categories of personal information for research. This might include medical data, ethnicity, faith, gender and biometric information. For this we will use part 9(2)(j) of the law which allows us to conduct proportionate research or statistical purposes.

When using your special categories of personal data we will use it in accordance with UK law and provide suitable and specific measures to safeguard your fundamental rights and interests

YOUR RIGHTS

Your data subject rights:

You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received your request.

Accessing your personal information

You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

Correcting and updating your personal information

The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the contact details in this policy.Please note that while The Trust will endeavour to make the updates as promptly as possible, communications may be sent using the original details until the changes have been processed.

Withdrawing your consent

Where we rely on your consent as the legal basis for processing your personal information, as set out under “How we use your personal information” in Section 4, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to which you previously opted in, you can also do so by contacting us either by telephone, post or e-mail. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

Objecting to our use of your personal information and automated decisions made about you.

Where we rely on our public task as the legal basis for processing your personal information for any purpose(s), as mentioned in the “How we use your personal information” section, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data. Your right to object will not apply where the information is being used for research or statistical purposes. You may also contest a decision made about you based on automated processing by contacting the data protection department.

Erasing your personal information or restricting its processing

In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.You may also ask us to restrict processing your personal information in the following situations:

where you believe it is unlawful for us to do so;

where you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.

In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for your health, for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.

Where you have asked for your personal information to be erased or rectified, or you have asked for the processing to be restricted, we will ensure we inform every organisation to whom we have formerly disclosed the information of your request, unless this proves impossible or involves disproportionate effort. If you ask we will tell you who these are.

Transferring your personal information in a structured data file

Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under “How we use your personal information”, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine-readable form, such as a CSV file.

You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

Marketing Use

From time to time, and where you have given your permission to do so, the Trust may wish to contact you with information regarding other information about the Trust.

If you decide you do not want to receive those marketing communications, you can unsubscribe using the following methods:

OUR RETENTION OF YOUR INFORMATION

NATIONAL DATA OPT-OUT PROGRAMME

Our organisation is not currently able to apply your national data opt-out choice to any confidential patient information we may use or share with other organisations for purposes beyond your individual care.

STORING YOUR INFORMATION

The Information that the Trust collects from you may be transferred to and stored at a destination outside the Trust by a third party. The Trust has taken all steps reasonably necessary to ensure this data is stored and processed in line with GDPR and this Privacy Policy.

WEBSITE SECURITY/COOKIES

Our website may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites and Apps‚ so we encourage you to read their privacy statements. We are not responsible for the privacy policies and practices of other websites and Apps (even if you access them using links that we provide) and we provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or promises about their accuracy, content or thoroughness. Your disclosure of personal information to third party websites is at your own risk.In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.

COOKIES

We use cookies on our Website for analysis and to help administer the site. The data collected to enable us to do this is anonymous and does not identify you as an individual.

REPORTING FRAUD

We are committed to ensuring your Information is secure. As part of our efforts to protect your Information, the Trust will never send you emails asking for your personal Information.

If you do receive such an email or are asked to disclose this information by someone claiming to work for The Trust please report the communication to our Data Controller using the following methods:

CHANGES TO THIS POLICY

We may review this policy from time to time and any changes will be notified to you by posting an updated version on our website and/or by contacting you by email. Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on our website, whichever is the earlier. We recommend you regularly check for changes and review this policy when you visit our website. If you do not agree with any aspect of the updated policy, you must promptly notify us and cease using our services.

REQUESTS FOR INFORMATION OR COMPLAINTS

If you have any questions, suggestions or complaints about the processing of your personal information or wish to contact us to amend/update your information or if you wish to access the information we hold about you, please contact us using the details below:

If you have any queries or concerns about how we use your information, please speak to the staff involved in your care. More detailed questions about how we use your information which cannot be discussed or resolved by a member of staff can be discussed with the Patient Experience Team on 01332 623751 or 0800 027 2128.

COMPLAINING TO THE UK DATA PROTECTION REGULATOR

You have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details or use the contact details below. Information Commissioner’s OfficeWycliffe HouseWilmslowSK9 5AFEmail: www.ico.org.uk/global/contact-us/emailWebsite: www.ico.org.uk/